Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. executing program [ 42.582270][ T3964] [ 42.582863][ T3964] ===================================================== [ 42.584579][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 42.586406][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 42.588072][ T3964] ----------------------------------------------------- [ 42.589772][ T3964] syz-executor142/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 42.591724][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 42.593891][ T3964] [ 42.593891][ T3964] and this task is already holding: [ 42.595650][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.597867][ T3964] which would create a new lock dependency: [ 42.599292][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 42.601168][ T3964] [ 42.601168][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 42.603440][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 42.603457][ T3964] [ 42.603457][ T3964] ... which became SOFTIRQ-irq-safe at: [ 42.606423][ T3964] lock_acquire+0x240/0x77c [ 42.607455][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.608669][ T3964] net_tx_action+0x634/0x884 [ 42.609781][ T3964] __do_softirq+0x344/0xe20 [ 42.610974][ T3964] do_softirq+0x120/0x20c [ 42.612091][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 42.613372][ T3964] local_bh_enable+0x28/0x174 [ 42.614453][ T3964] dev_deactivate_many+0x580/0xbe4 [ 42.615725][ T3964] dev_deactivate+0x13c/0x1fc [ 42.616817][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 42.617941][ T3964] __linkwatch_run_queue+0x424/0x730 [ 42.619202][ T3964] linkwatch_event+0x58/0x68 [ 42.620294][ T3964] process_one_work+0x790/0x11b8 [ 42.621457][ T3964] worker_thread+0x910/0x1034 [ 42.622556][ T3964] kthread+0x37c/0x45c [ 42.623583][ T3964] ret_from_fork+0x10/0x20 [ 42.624610][ T3964] [ 42.624610][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 42.626203][ T3964] (fs_reclaim){+.+.}-{0:0} [ 42.626220][ T3964] [ 42.626220][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 42.629086][ T3964] ... [ 42.629091][ T3964] lock_acquire+0x240/0x77c [ 42.630734][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.631876][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.633118][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.634496][ T3964] init_rescuer+0xa4/0x264 [ 42.635550][ T3964] workqueue_init+0x2b4/0x640 [ 42.636620][ T3964] kernel_init_freeable+0x448/0x650 [ 42.637874][ T3964] kernel_init+0x24/0x294 [ 42.638919][ T3964] ret_from_fork+0x10/0x20 [ 42.639985][ T3964] [ 42.639985][ T3964] other info that might help us debug this: [ 42.639985][ T3964] [ 42.642463][ T3964] Possible interrupt unsafe locking scenario: [ 42.642463][ T3964] [ 42.644485][ T3964] CPU0 CPU1 [ 42.645770][ T3964] ---- ---- [ 42.647101][ T3964] lock(fs_reclaim); [ 42.648056][ T3964] local_irq_disable(); [ 42.649753][ T3964] lock(noop_qdisc.q.lock); [ 42.651495][ T3964] lock(fs_reclaim); [ 42.653053][ T3964] [ 42.653855][ T3964] lock(noop_qdisc.q.lock); [ 42.655048][ T3964] [ 42.655048][ T3964] *** DEADLOCK *** [ 42.655048][ T3964] [ 42.656989][ T3964] 2 locks held by syz-executor142/3964: [ 42.658270][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 42.660446][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.662774][ T3964] [ 42.662774][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 42.665271][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 42.666538][ T3964] HARDIRQ-ON-W at: [ 42.667460][ T3964] lock_acquire+0x240/0x77c [ 42.668849][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.670494][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 42.672060][ T3964] dev_queue_xmit+0x24/0x34 [ 42.673511][ T3964] tx+0x8c/0x130 [ 42.674834][ T3964] kthread+0x1ac/0x374 [ 42.676149][ T3964] kthread+0x37c/0x45c [ 42.677519][ T3964] ret_from_fork+0x10/0x20 [ 42.679065][ T3964] IN-SOFTIRQ-W at: [ 42.679967][ T3964] lock_acquire+0x240/0x77c [ 42.681411][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.682830][ T3964] net_tx_action+0x634/0x884 [ 42.684360][ T3964] __do_softirq+0x344/0xe20 [ 42.685820][ T3964] do_softirq+0x120/0x20c [ 42.687341][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 42.689055][ T3964] local_bh_enable+0x28/0x174 [ 42.690646][ T3964] dev_deactivate_many+0x580/0xbe4 [ 42.692280][ T3964] dev_deactivate+0x13c/0x1fc [ 42.693798][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 42.695280][ T3964] __linkwatch_run_queue+0x424/0x730 [ 42.696929][ T3964] linkwatch_event+0x58/0x68 [ 42.698375][ T3964] process_one_work+0x790/0x11b8 [ 42.699913][ T3964] worker_thread+0x910/0x1034 [ 42.701445][ T3964] kthread+0x37c/0x45c [ 42.702806][ T3964] ret_from_fork+0x10/0x20 [ 42.704184][ T3964] INITIAL USE at: [ 42.705139][ T3964] lock_acquire+0x240/0x77c [ 42.706495][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.708060][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 42.709632][ T3964] dev_queue_xmit+0x24/0x34 [ 42.710980][ T3964] tx+0x8c/0x130 [ 42.712197][ T3964] kthread+0x1ac/0x374 [ 42.713609][ T3964] kthread+0x37c/0x45c [ 42.714941][ T3964] ret_from_fork+0x10/0x20 [ 42.716373][ T3964] } [ 42.716964][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 42.718764][ T3964] [ 42.718764][ T3964] the dependencies between the lock to be acquired [ 42.718771][ T3964] and SOFTIRQ-irq-unsafe lock: [ 42.722046][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 42.723199][ T3964] HARDIRQ-ON-W at: [ 42.724152][ T3964] lock_acquire+0x240/0x77c [ 42.725663][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.727288][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.728832][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.730660][ T3964] init_rescuer+0xa4/0x264 [ 42.732053][ T3964] workqueue_init+0x2b4/0x640 [ 42.733478][ T3964] kernel_init_freeable+0x448/0x650 [ 42.735088][ T3964] kernel_init+0x24/0x294 [ 42.736461][ T3964] ret_from_fork+0x10/0x20 [ 42.737886][ T3964] SOFTIRQ-ON-W at: [ 42.738840][ T3964] lock_acquire+0x240/0x77c [ 42.740159][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.741736][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.743363][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.745143][ T3964] init_rescuer+0xa4/0x264 [ 42.746567][ T3964] workqueue_init+0x2b4/0x640 [ 42.748092][ T3964] kernel_init_freeable+0x448/0x650 [ 42.749707][ T3964] kernel_init+0x24/0x294 [ 42.751104][ T3964] ret_from_fork+0x10/0x20 [ 42.752542][ T3964] INITIAL USE at: [ 42.753437][ T3964] lock_acquire+0x240/0x77c [ 42.754886][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.756421][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.757985][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.759737][ T3964] init_rescuer+0xa4/0x264 [ 42.761203][ T3964] workqueue_init+0x2b4/0x640 [ 42.762642][ T3964] kernel_init_freeable+0x448/0x650 [ 42.764241][ T3964] kernel_init+0x24/0x294 [ 42.765689][ T3964] ret_from_fork+0x10/0x20 [ 42.767114][ T3964] } [ 42.767740][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 42.769679][ T3964] ... acquired at: [ 42.770587][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.771813][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.772986][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.774131][ T3964] kvmalloc_node+0x88/0x204 [ 42.775218][ T3964] get_dist_table+0x9c/0x2a4 [ 42.776349][ T3964] netem_change+0x7cc/0x1a90 [ 42.777448][ T3964] netem_init+0x54/0xb8 [ 42.778383][ T3964] qdisc_create+0x6fc/0xf44 [ 42.779459][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.780619][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.781807][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.782955][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.784056][ T3964] netlink_unicast+0x664/0x938 [ 42.785242][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.786374][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.787452][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.788565][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.789794][ T3964] invoke_syscall+0x98/0x2b8 [ 42.790989][ T3964] el0_svc_common+0x138/0x258 [ 42.792098][ T3964] do_el0_svc+0x58/0x14c [ 42.793142][ T3964] el0_svc+0x7c/0x1f0 [ 42.794138][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.795453][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.796595][ T3964] [ 42.797089][ T3964] [ 42.797089][ T3964] stack backtrace: [ 42.798412][ T3964] CPU: 1 PID: 3964 Comm: syz-executor142 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.800908][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.803259][ T3964] Call trace: [ 42.803980][ T3964] dump_backtrace+0x0/0x530 [ 42.804952][ T3964] show_stack+0x2c/0x3c [ 42.805910][ T3964] dump_stack_lvl+0x108/0x170 [ 42.807068][ T3964] dump_stack+0x1c/0x58 [ 42.808052][ T3964] __lock_acquire+0x62b4/0x7620 [ 42.809176][ T3964] lock_acquire+0x240/0x77c [ 42.810235][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.811309][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.812418][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.813467][ T3964] kvmalloc_node+0x88/0x204 [ 42.814601][ T3964] get_dist_table+0x9c/0x2a4 [ 42.815625][ T3964] netem_change+0x7cc/0x1a90 [ 42.816664][ T3964] netem_init+0x54/0xb8 [ 42.817578][ T3964] qdisc_create+0x6fc/0xf44 [ 42.818604][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.819724][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.820953][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.822111][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.823164][ T3964] netlink_unicast+0x664/0x938 [ 42.824244][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.825322][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.826454][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.827512][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.828768][ T3964] invoke_syscall+0x98/0x2b8 [ 42.829858][ T3964] el0_svc_common+0x138/0x258 [ 42.830980][ T3964] do_el0_svc+0x58/0x14c [ 42.831900][ T3964] el0_svc+0x7c/0x1f0 [ 42.832848][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.834019][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.835156][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 42.837283][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor142 [ 42.839405][ T3964] INFO: lockdep is turned off. [ 42.840495][ T3964] Preemption disabled at: [ 42.840505][ T3964] [] netem_change+0x22c/0x1a90 [ 42.842852][ T3964] CPU: 1 PID: 3964 Comm: syz-executor142 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.845361][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.847671][ T3964] Call trace: [ 42.848431][ T3964] dump_backtrace+0x0/0x530 [ 42.849487][ T3964] show_stack+0x2c/0x3c [ 42.850470][ T3964] dump_stack_lvl+0x108/0x170 [ 42.851536][ T3964] dump_stack+0x1c/0x58 [ 42.852490][ T3964] ___might_sleep+0x380/0x4dc [ 42.853611][ T3964] __might_sleep+0x98/0xf0 [ 42.854608][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 42.855831][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.856882][ T3964] kvmalloc_node+0x88/0x204 [ 42.857874][ T3964] get_dist_table+0x9c/0x2a4 [ 42.858920][ T3964] netem_change+0x7cc/0x1a90 [ 42.859930][ T3964] netem_init+0x54/0xb8 [ 42.860896][ T3964] qdisc_create+0x6fc/0xf44 [ 42.861993][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.863125][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.864256][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.865369][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.866463][ T3964] netlink_unicast+0x664/0x938 [ 42.867616][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.868717][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.869791][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.870872][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.872089][ T3964] invoke_syscall+0x98/0x2b8 [ 42.873248][ T3964] el0_svc_common+0x138/0x258 [ 42.874423][ T3964] do_el0_svc+0x58/0x14c [ 42.875388][ T3964] el0_svc+0x7c/0x1f0 [ 42.876287][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.877444][ T3964] el0t_64_sync+0x1a0/0x1a4